Bug Bounty


Balancer has completed smart contract audits with Trail of Bits. We will also run a continuous bug bounty program for the bronze release of Balancer core.


The bug bounty covers any of the core smart contracts deployed on mainnet. The code can be found at: https://github.com/balancer-labs/balancer-core

Submissions should be based on commit hash: https://github.com/balancer-labs/balancer-core/tree/2d88257fb27ad3c84b5166304a342e66055a81b3

Mainnet BFactory can be found at: https://etherscan.io/address/0x9424b1412450d0f8fc2255faf6046b98213b76bd

Additional second-layer contracts, such as the exchange proxy or individual smart pool contracts, may be added at a later date.


The bounty program will pay out rewards according to the severity of a vulnerability. The final reward amount is at the sole discretion of Balancer Labs.




$10,000 - $25,000


  • Stealing assets from a pool

  • Permanently freezing pool assets

$5,000 - $10,000


  • Severe rounding errors where an attacker can steal significant funds in excess of any gas costs or swap fees

  • Manipulating a finalized pool's assets / weights / fees

$1,000 - $2,500


  • Minor rounding errors that allow an attacker to slowly manipulate funds to their advantage

$0 - $1,000


  • Informational and code quality based disclosures

Reporting / Disclosures

Please report any findings to security@balancer.finance with full details about any vulnerability and steps / code to reproduce. Allow us time to review and remediate any findings before public disclosure.

Ineligible Findings

  • Duplicate vulnerabilities. Only the first reporter will be rewarded.

  • Findings already known as part of a formal audit